Description of problem:
It's not possible to use NFS Persistent volumes on RHCOS because of the default SELinux settings.

Version-Release number of selected component (if applicable):
Red Hat Enterprise Linux CoreOS 410.8.20190315.0

How reproducible:
Always

Steps to Reproduce:
1. Follow the 3.11 guide to set up a persistent NFS volume, have pod write some data to the NFS mount

Actual results:
"Permission denied" + AVC messages in the log:

kernel: audit: type=1400 audit(1553081660.416:5148): avc: denied { write } for pid=41363 comm="sh" name="dir_1" dev="0:356" ino=35412058 scontext=system_u:system_r:container_t:s0:c480,c827 tcontext=system_u:object_r:nfs_t:s0 tclass=dir permissive=0

Expected results:
No AVC, pod is able to use the NFS persistent volume normally

Additional info:
The problem is that the virt_use_nfs SELinux boolean is off by default:

[root@test1-f2ptm-worker-0-mwsz8 log]# getsebool virt_use_nfs
virt_use_nfs --> off

This was already fixed once on Atomic images: see the bug #1220303
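
Added example, not part of the original report: a Python sketch that parses AVC denial lines like the one quoted above and counts enforced container_t to nfs_t denials, the pattern this report ties to virt_use_nfs being off. The function names and the extra log lines are constructed for illustration.

```python
import re

# AVC record copied from the bug report above.
REPORTED_AVC = (
    'kernel: audit: type=1400 audit(1553081660.416:5148): avc: denied { write } '
    'for pid=41363 comm="sh" name="dir_1" dev="0:356" ino=35412058 '
    'scontext=system_u:system_r:container_t:s0:c480,c827 '
    'tcontext=system_u:object_r:nfs_t:s0 tclass=dir permissive=0'
)
# Constructed lines (not from the report) to show what the filter ignores.
CONSTRUCTED = [
    'kernel: audit: type=1400 audit(1553081700.100:5200): avc: denied { read } '
    'for pid=41400 comm="cat" name="x" dev="dm-0" ino=12 '
    'scontext=system_u:system_r:container_t:s0:c1,c2 '
    'tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0',
    'kernel: nfs: server example.invalid OK',
]

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the fields of an AVC denial as a dict, or None for other lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('fields'))}
    rec['perms'] = m.group('perms').split()
    for side in ('scontext', 'tcontext'):
        # Context is user:role:type:level; the level itself may contain ':'.
        parts = rec.get(side, '').split(':', 3)
        rec[side[0] + 'type'] = parts[2] if len(parts) >= 3 else None
    return rec

def container_nfs_denials(lines):
    """Count enforced denials where container_t touched an nfs_t object."""
    hits = {}
    for rec in map(parse_avc, lines):
        if (rec and rec['stype'] == 'container_t' and rec['ttype'] == 'nfs_t'
                and rec.get('permissive') == '0'):
            key = (rec.get('tclass'), tuple(rec['perms']))
            hits[key] = hits.get(key, 0) + 1
    return hits

if __name__ == '__main__':
    for (tclass, perms), n in container_nfs_denials([REPORTED_AVC] + CONSTRUCTED).items():
        print(f'{n}x container_t -> nfs_t {tclass} {{{" ".join(perms)}}}: check `getsebool virt_use_nfs`')
```
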
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:0758